Microsoft issues Flame-resistant certificate updater

By Kevin McCaney

Jun 14, 2012

Microsoft has released an automated updater that will flag revoked digital certificates to protect against malware such as Flame, which spread by forging Microsoft certificates to fool Windows machines into accepting the malicious code.

The updater, available for Windows 7, Vista, Server 2008 and Windows Server 2008 R2, will flag as untrusted any digital certificates that have been compromised or are in some other way considered not trustworthy, Microsoft said on its support site.

“After this update is installed, customers benefit from quick automatic updates of untrusted certificates,” the company said.

Flame, a large, sophisticated piece of spyware discovered in May attacking computers in Iran, other Middle Eastern countries and several in Europe, spread by spoofing Microsoft certificates to make it appear it was coming from Microsoft.

Cryptography experts have said it used a previously unseen “chosen prefix collision attack” to hack into the Windows Update system, displaying a level of cryptanalysis that they described as “world class.”

It was detected in a relatively small number of computers, mostly in Iran and the Palestinian West Bank, and its complexity led security experts to suspect it was the work of a nation-state. Researchers at Kaspersky Labs said they found that some code in Flame had been shared with Stuxnet, which news reports have attributed to the United States and Israel.

After the Flame’s certificate spoofing was uncovered, Microsoft June 3 released an emergency patch that revoked the certificates involved.